Blame: tamper/multiplespaces.py - sqlmapproject/sqlmap

Automatic SQL injection and database takeover tool

0 0 0 Python

Last preparations for DREI 2019-05-08 12:47:52 +02:00			`#!/usr/bin/env python`
adding new tamper script 2011-06-09 12:14:14 +00:00
			`"""`
Year bump 2026-01-01 19:12:07 +01:00			`Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)`
Replacing doc/COPYING to LICENSE 2017-10-11 14:50:46 +02:00			`See the file 'LICENSE' for copying permission`
adding new tamper script 2011-06-09 12:14:14 +00:00			`"""`

			`import random`
			`import re`

			`from lib.core.data import kb`
Stabilizing DREI 2019-05-03 13:20:15 +02:00			`from lib.core.datatype import OrderedSet`
Trivial update 2019-06-04 14:44:06 +02:00			`from lib.core.enums import PRIORITY`
adding new tamper script 2011-06-09 12:14:14 +00:00
			`__priority__ = PRIORITY.NORMAL`

Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-06 21:04:45 +00:00			`def dependencies():`
			`pass`

Update for an Issue #12 2012-12-03 14:27:01 +01:00			`def tamper(payload, **kwargs):`
adding new tamper script 2011-06-09 12:14:14 +00:00			`"""`
First commit related to the #3108 2018-07-31 01:17:11 +02:00			`Adds multiple spaces (' ') around SQL keywords`
Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-06 21:04:45 +00:00
			`Notes:`
			`* Useful to bypass very weak and bespoke web application firewalls`
			`that has poorly written permissive regular expressions`

adding new tamper script 2011-06-09 12:14:14 +00:00			`Reference: https://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt`
Another update for an Issue #352 and couple of fixes 2013-03-13 21:57:09 +01:00
			`>>> random.seed(0)`
			`>>> tamper('1 UNION SELECT foobar')`
Stabilizing DREI 2019-05-03 13:20:15 +02:00			`'1 UNION SELECT foobar'`
adding new tamper script 2011-06-09 12:14:14 +00:00			`"""`

			`retVal = payload`

			`if payload:`
Stabilizing DREI 2019-05-03 13:20:15 +02:00			`words = OrderedSet()`
adding new tamper script 2011-06-09 12:14:14 +00:00
Minor refactoring 2018-02-08 16:49:16 +01:00			`for match in re.finditer(r"\b[A-Za-z_]+\b", payload):`
adding new tamper script 2011-06-09 12:14:14 +00:00			`word = match.group()`

			`if word.upper() in kb.keywords:`
			`words.add(word)`

			`for word in words:`
Stabilizing DREI 2019-05-03 13:20:15 +02:00			`retVal = re.sub(r"(?<=\W)%s(?=[^A-Za-z_(]\|\Z)" % word, "%s%s%s" % (' ' * random.randint(1, 4), word, ' ' * random.randint(1, 4)), retVal)`
			`retVal = re.sub(r"(?<=\W)%s(?=[(])" % word, "%s%s" % (' ' * random.randint(1, 4), word), retVal)`
adding new tamper script 2011-06-09 12:14:14 +00:00
Tamper function(s) refactoring (really no need for returning headers as they are passed by reference) 2012-10-25 10:10:23 +02:00			`return retVal`